Description

METHOD AND APPARATUS FOR 
DECRYPTING ENCRYPTED DATA 
TRANSMITTED WIRELESSLY BY 
UPDATING A KEY-TABLE 

Background of Invention 
[0001] 1. Field of the Invention

[0002] The invention relates to a wireless communication system, 
and more particularly, to a method and an apparatus for 
the decryption of encrypted data transmitted in a wireless 
communication system. 

[0003] 2. Description of the Prior Art 

[0004] An increasingly popular networking solution in today's world is wireless networking. Instead of using wires to transmit data, wireless networking uses a signal to transmit data. Without wires, users are no longer restricted to locations where only wires are available.

[0005] However, wireless networking is not without its disadvantages. The major issue with wireless networking concerns the security of the information transmitted. As a result, many of the protocols of wireless networking such as IEEE 802.11 employ some form of encryption to protect the private information from being easily intercepted. Some encryption schemes such as Wired Equivalent Privacy (WEP) are one-key schemes, meaning that all wireless devices on the network encrypt their information using one shared key. Also, because all devices use the same key to encrypt data, all the devices can use the encryption key as a decryption key for incoming data. As one can imagine, such a scheme only offers modest protection.

[0006] Other encryption schemes such as Wi-Fi Protected Access (WPA) or IEEE 802.11i are individual-key schemes, meaning that each device on the network has its own individual key to encrypt data. Giving each device on the wireless network its own individual key does make security more robust in comparison to schemes such as WEP. When wireless communication is established between the access point and a wireless device, both the wireless device and the access point store a ciphering key specific to the wireless device. Suppose that N wireless devices are in wireless communication with the access point. The access point keeps N different keys corresponding to these N wireless devices. When a wireless device wants to deliver data to a target host connected to the wired network, the wireless device, based on the above-mentioned ciphering scheme, has to encrypt the data with its own key. The access point receives the encrypted data, and retrieves the stored key corresponding to the wireless device for correctly decrypting the encrypted data. In the end, the access point converts the decrypted data into proper packets defined by the transmission standard of the wired network, and outputs the packets to the target host through the wired network.

[0007] It is clear that there is a great cost of using individual keys to perform the better ciphering scheme. That is, in order to decrypt incoming data from wireless devices (senders) on the wireless network, an access point (receiver) on the wireless network must store the keys specific to the wireless devices as decryption keys. This has an impact on the design of access points made to be compatible with encryption schemes employing individual keys.

[0008] Generally, the memory for storing keys (key-table memory) of an access point is required to have a fast access speed so as to not slow down the decryption and transmission of data. Such types of memory that fit this requirement are quite expensive, and as a result, the key-table memory of the wireless device is small, being only large enough to store a few keys. Problems arise when the wireless network has more devices and therefore keys than the number of keys that the key-table of a wireless device can store.

[0009] An obvious solution employed is to store a master list of the keys in the system memory of the wireless device. When a decryption key cannot be found in the key-table, a processor of the access point searches the master list stored in the system memory. The processor then uses a software driver to decrypt the received data through the wanted key found in the master list. This is also an unattractive solution because of the software decryption aspect. Software decryption not only slows data transmission and increases the size and complexity of the software driver, but it is also very taxing on the system resources of the access point, all of which leads to a decrease in system performance.

Summary of Invention

[0010] It is therefore one of the many objectives of the claimed invention to provide a method for decrypting encrypted data transmitted wirelessly by updating a key-table to solve the above-mentioned problem. According to the claimed invention, a method for decrypting data received by a receiver is disclosed. The method comprises searching a key-table of the receiver for a decryption key corresponding to the encrypted data; if the decryption key is not stored in the key-table, driving the receiver for disabling an acknowledgement message that informs the sender that the encrypted data has been received, transferring the decryption key from the master list to the key-table to update the key-table; and decrypting the encrypted data through utilizing the decryption key stored in the key-table.

[0011] One of the many advantages of the claimed invention is that the use of software decryption can be avoided in the event that the sought-after decryption key does not exist.

Brief Description of Drawings

[0012] Fig. 1 is a block diagram of a wireless communication system according to the present invention.

[0013] Fig. 2 is a flowchart of a method employed by a wireless receiver shown in Fig. 1.

Detailed Description



[0014] Please refer to Fig. 1. Fig. 1 is a block diagram of a wireless communication system 10 according to the present invention. In the wireless communication system 10, a wireless receiver 11 is in wireless communication with a plurality of wireless senders 12. Please note that the wireless receiver 11 can be any device (e.g., a wireless network card inserted in a computer) supporting ciphering functionality. Taking a wireless LAN (WLAN) system for example, the wireless receiver 11 can be a router or a bridge for arbitrating data transmission between the wireless sender 12 and a target host of a wired network or a wireless network. In the preferred embodiment, the wireless receiver 11 is designed to function as an access point used in the WLAN system. Therefore, the wireless senders 12 correspond to mobile units with wireless network interface cards. The wireless receiver 11 comprises a controller 20, a storage device 40, and a processor 50. The controller 20 is for receiving, transmitting, and if necessary encrypting/decrypting data and comprises a storage device 30, which has quick data access operation and is used for storing a key-table 32. The storage device 40 is used for storing a master list 42. As described before, the wireless receiver 11 functioning as the access point will hold different keys corresponding to the wireless devices (the wireless senders 12) handled by the same access point. These keys KEY_1~KEY_n are decryption keys used by the wireless receiver 11 to decrypt encrypted data received from the wireless senders 12 and are listed in the master list 42. In addition, a plurality of keys KEY'_1~KEY'_m (m < n) are chosen from the keys KEY_1~KEY_n listed in the master list 42 and are listed in the key-table 32. For example, the storage device 40 is a dynamic random access memory (DRAM), and the storage device 30 is a static random access memory (SRAM). Therefore, the wireless receiver 11 is capable of efficiently decrypting the incoming data with the help of the SRAM caching the wanted decryption keys. It is obvious that the storage devices 30, 40 are not limited to the above-mentioned memory types.

[0015] The processor 50 is for controlling operations of the wireless receiver 11 and updating the decryption keys KEY'_1~KEY'_m in the storage device 30. In addition to the storage unit 30, the controller 20 further comprises an RX-MAC 22 for receiving data, searching the storage device 30, and reporting the results of its searches, an RX-Decrypt 24 for decrypting encrypted data via hardware using a decryption key stored in the storage device 30, and a TX-MAC 26 for transmitting outgoing signals.

[0016] Please refer to Fig. 2. Fig. 2 is a flowchart of a method employed by the wireless receiver 11 shown in Fig. 1. The method of decrypting incoming data according to the present invention includes the following steps:

[0017] Step 100: Start.

[0018] Step 110: Receive Encrypted Data. The controller 20 of the wireless receiver 11 receives encrypted data from a wireless sender 12.

[0019] Step 120: Search Key-Table. Based on the information from the wireless sender 12, the wireless receiver 11 searches the key-table 32 for the corresponding decryption key. If the search is successful, go to Step 160; otherwise, go to Step 130.

[0020] In this embodiment, the RX-MAC 22 of the controller 20 searches the key-table 32 by using the MAC address of the wireless sender 12 to conduct the search.

[0021] Step 130: Notification. An unsuccessful search for the corresponding decryption key means that the wireless receiver 11 cannot at this time use hardware to decrypt encrypted data from the wireless sender 12. As a result, wireless receiver 11 needs to be notified so that the corresponding decryption key can be placed into the key-table 32.

[0022] In this embodiment, when the search yields an unsuccessful result, the RX-MAC 22 issues a system interrupt KEY_MISS to the processor 50.

[0023] Step 132: Enabling a re-transmission mechanism in the sender.

[0024] In this embodiment, the receiver 11 disables an acknowledgement mechanism (No-ACK). It is well known that an acknowledgement mechanism is widely utilized to make sure that the peer receiver has received the incoming data successfully. If the wireless receiver 11 uses a wireless protocol that requires the acknowledgement of received data, the KEY_MISS signal will also be sent to the TX-MAC 26, which thereby disables the wireless receiver 11 from outputting an acknowledgement message to the wireless sender 12. As stated before, disabling the acknowledgement is only applicable when the wireless receiver is following a protocol that requires the acknowledgement of received data. Therefore, this step of disabling the acknowledgement mechanism should not be taken as a limitation of the claimed invention.

[0025] Step 140: Search Master List. Upon being properly notified, the wireless receiver 11 searches the master list 42 for the corresponding decryption key that matches the wireless sender 12.

[0026] In this embodiment, the processor 50, after having received the system interrupt KEY_MISS from the RX-MAC 22, is used to search the master list.

[0027] Step 150: Update Key-Table. Upon finding the corresponding decryption key in the master list 42, the key-table 32 is updated. By updating the key-table 32, the wireless receiver 11 will then be able to use hardware to decrypt encrypted data from the wireless sender 12.

[0028] In this embodiment, the processor 50 is used to transfer the corresponding decryption key (e.g., a copy of the wanted decryption key is transferred or the decryption key itself is transferred) from the master list 42 into the key-table 32. In a preferred embodiment, the least-frequently-used decryption key in the key-table 32 will be replaced with the decryption key sought from the master list 42.

[0029] Step 160: Decrypt. The search for the corresponding decryption key in the key-table 32 is successful, meaning that the wireless receiver 11 is able to use hardware to decrypt the received encrypted data.

[0030] In this embodiment, after the decryption key has been found within the key-table 32, the RX-Decrypt 24 of the controller 20 obtains the decryption key from the key-table 32 and performs hardware decryption of the received encrypted data.

[0031] Step 170: Finish.

[0032] In Step 120, the RX-MAC 22 searches the key-table 32 for a decryption key corresponding to the MAC address of the wireless receiver 11. If the search is successful, then the wireless receiver 11 can proceed to Step 160 to carry out hardware decryption of the received encrypted data by having the RX-Decrypt 24 adopt the corresponding decryption key from the key-table 32. However, if the search is unsuccessful, then the RX-MAC 22 proceeds to Step 130 and issues a signal to notify the processor 50 of the result. In this embodiment, the signal that serves as a system interrupt is a KEY_MISS. If the wireless receiver 11 is following a wireless protocol that requires the wireless receiver 11 to send an acknowledgement message to the wireless sender each time incoming data is successfully received, such as in this embodiment, then Step 132 will also be performed. In Step 132, the RX-MAC 22 will also send the KEY_MISS to the TX-MAC 26 to notify the TX-MAC 26 that the search was unsuccessful so that the acknowledgement message usually sent after receiving incoming data is disabled. Because the wireless sender 12 does not receive the acknowledgement message from the wireless receiver 11 after a period of time, the wireless sender 12 deems that the previously sent data was lost during the wireless transmission, and will retransmit the same data previously sent to the wireless receiver 11. As mentioned above, the wireless receiver 11 is unable to decrypt the received data for lack of the required decryption key, and the wireless sender 12 will retransmit the previously sent data. Therefore, the wireless receiver 11 will discard the received encrypted data if the required decryption key is not currently stored in the key-table 32.

[0033] Having sent notification, in Step 140, the processor 50 will search the master list 42 for the corresponding decryption key. After the decryption key is found, in Step 150, the processor 50 updates the key-table 32 by transferring the corresponding decryption key from the master list 42 into the key-table 32. For instance, a copy of the wanted decryption key is stored into the key-table 32. In the preferred embodiment, the sought decryption key from the master list 42 will replace the least-frequently-used decryption key in the key-table 32.



[0034] As mentioned above, the wireless sender 12 retransmits the same data previously sent to the wireless receiver 11 because of the missing acknowledgement message. Afterwards, the wireless receiver 11 returns to Step 110 and starts to receive the same encrypted data retransmitted from the wireless sender 12. This time, in Step 120, the corresponding decryption key will be found successfully, and the RX-Decrypt 24 can perform hardware decryption of the encrypted data.
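
The flow of Steps 110 to 160, including the least-frequently-used replacement of the preferred embodiment, as a small simulation that is added here for illustration and is not taken from the patent. The table sizes, struct layout, function names and the sample MAC addresses and keys are assumptions, and the decryption itself is not modelled.

```c
#include <stdint.h>
#include <string.h>
#define TABLE_SLOTS 2 /* m slots in the fast key-table 32 (assumed size) */
#define MASTER_KEYS 4 /* n keys in the master list 42 (assumed size) */
struct key_entry { uint8_t mac[6]; uint8_t key[16]; unsigned uses; int valid; };
static struct key_entry master_list[MASTER_KEYS], key_table[TABLE_SLOTS];
/* Step 120: RX-MAC searches the key-table by the sender's MAC address. */
static struct key_entry *table_lookup(const uint8_t mac[6]) {
    for (int i = 0; i < TABLE_SLOTS; i++)
        if (key_table[i].valid && memcmp(key_table[i].mac, mac, 6) == 0)
            return &key_table[i];
    return NULL;
}
/* Eviction score: empty slots go first, then the least-frequently-used key. */
static unsigned score(const struct key_entry *e) { return e->valid ? e->uses + 1 : 0; }
/* Steps 140-150: copy the sender's key from the master list over the victim
 * slot. Returns 0, leaving the table untouched, if the sender is unknown. */
static int handle_key_miss(const uint8_t mac[6]) {
    int victim = 0;
    for (int i = 1; i < TABLE_SLOTS; i++)
        if (score(&key_table[i]) < score(&key_table[victim])) victim = i;
    for (int i = 0; i < MASTER_KEYS; i++)
        if (memcmp(master_list[i].mac, mac, 6) == 0) {
            key_table[victim] = master_list[i];
            key_table[victim].uses = 0;
            return 1;
        }
    return 0;
}
/* Steps 110-160 for one frame: 1 = decrypted from the key-table and ACKed,
 * 0 = discarded with the ACK withheld (Step 132) so the sender retransmits. */
int receive_frame(const uint8_t mac[6]) {
    struct key_entry *e = table_lookup(mac);
    if (e) { e->uses++; return 1; } /* Step 160: RX-Decrypt would use e->key */
    handle_key_miss(mac);           /* Steps 130-150, triggered by KEY_MISS */
    return 0;
}
/* Constructed sample data: sender i has MAC 02:00:00:00:00:0i, dummy key. */
void setup(void) {
    memset(key_table, 0, sizeof key_table);
    for (int i = 0; i < MASTER_KEYS; i++) {
        master_list[i].mac[0] = 0x02; master_list[i].mac[5] = (uint8_t)i;
        memset(master_list[i].key, 0xA0 + i, sizeof master_list[i].key);
        master_list[i].valid = 1;
    }
}
int main(void) { /* first frame misses (no ACK); its retransmission hits */
    uint8_t a[6] = {0x02, 0, 0, 0, 0, 0x01};
    setup();
    return !(receive_frame(a) == 0 && receive_frame(a) == 1);
}
```

A sender whose MAC address is not in the master list is never acknowledged in this model, because no key can be moved into the key-table for it.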

[0035] As one can see, one of the benefits of the claimed invention is the ability to retain hardware decryption ability and avoid software decryption in the case that the corresponding decryption key is not found in the key-table.

[0036] Those skilled in the art will readily observe that numerous modifications and alterations of the device may be made while retaining the teachings of the invention. Accordingly, the above disclosure should be construed as limited only by the metes and bounds of the appended claims.



